[Pkg-rust-maintainers] Bug#1083292: gpg-from-sq: Unknown argument --card-status causes cryptsetup cannot decrypt disk during boot time

Mon Oct 14 15:24:50 BST 2024

control: severity -1 important
thanks

On Mon, Oct 14, 2024 at 10:00:25PM +0800, ChangZhuo Chen (陳昌倬) wrote:
> On Mon, Oct 14, 2024 at 11:31:22AM +0000, Holger Levsen wrote:
> > One question, which will be obvious to you, but it's not 100% clear to me: do you
> > use a smart card here? :)
> Yes, I use YubiKey 5 Nano in this case.

ok, thanks!

> I think it shall be some way to info user about the problem in the
> combination of cryptsetup + gpg-from-sq since The problem happens only
> when all the following conditions meet:
> 
> * Use cryptsetup to encrypt disk with LUK

plus, a pgp key on a smartcard is used. (i'm picky about this, as this
doesnt seem to affect just cryptsetup and gpg-from-sq installed, which
is something eg I use currently :)

> * Use gpg-from-sq to replace gpg
> * Install new kernel and run update-initramfs during the installation
>   process. The gpg from Sequoia will be used to create initramfs, and
>   decrypt_gnupg-sc does not support gpg from Sequoia.
>
> User cannot find the problem immediately, and when the problem happen,
> they cannot decrypt disk and boot. They need to use previous kernel,
> which might be removed already.

this is still pretty bad. :/ raising severity accordingly.

-- 
cheers,
	Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Imagine god created trillions of galaxies but freaks out because some dude
kisses another.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-rust-maintainers/attachments/20241014/55f87f4f/attachment.sig>